update vaultwarden

apps/grimmory/mariadb-credentials.yaml

@@ -0,0 +1,23 @@
+apiVersion: v1
+stringData:
+    mariadb-password: ENC[AES256_GCM,data:sRg+BqCvSWe/I9vLLRcgPyMs87BttZAejfKPI7kIej6L3sXasYE700jr9tw=,iv:VMnb9a72TYYBdC2RCD9wwpRdUZiiD+SFOZOl0ZIHjbU=,tag:eXRgY1VO0PDRJPUAr4RYXw==,type:str]
+    mariadb-root-password: ENC[AES256_GCM,data:86cu/5fSD2h7yQSt0b9cp15a56LYiyhdUfFVdhla7cs0GsIyDul2A4TuSQA=,iv:U+JPt6UUc70MzYAQBODEzl/wMQ+TEVBYZHxxMZf4xyw=,tag:CAdI37E9cj07yoltPxLjWg==,type:str]
+kind: Secret
+metadata:
+    name: mariadb-credentials
+    namespace: grimmory
+sops:
+    age:
+        - recipient: age1s0206tnfaaw849x5xmt95axgu8qhxzlu5ywrwz09tpt8lwpx858q089nq9
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvOEhieFpaNU5CRElYRFRx
+            VjJqUm9Zbk44M3QvVlNqcUFGUnRjNlUvUERZCjA2VjJXdlJmSDdYeW5BbEF2RElV
+            QXZ6YVl3REVFRzY5RG81YzVyaWpBWTgKLS0tIEdITTBCUm1tZGhZVzFwbGszbDF6
+            ZzhZOEU2SUFUWllqOHZCS1c5YW5TQjQKbQqmVAWZq7aqBaFt+51oY7PZ2BcLc7Wa
+            neOgcwRTq2x27yoWNPlcWSsqFss5RLldriEer4QdwdIDlWEj8Js7uA==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2026-05-24T18:40:49Z"
+    mac: ENC[AES256_GCM,data:URvFnjTBRU17FIJTLjggheWWI63UcktsyMgrKP5Ib7/F4HcSbZySGis6Ty/y2Cn5uessjpf12IQ1EZ0Vybnm7w58/nb3+ZiEow5XtJ91OAw2iCJv00YyKtWgFqkymCHJu2a/SuuG3ibH5+MbucQKHUSXuxsRvYaJaigw1Gzi80I=,iv:3H2NNqh8eBqNvKybtsKYujjDeDlvmlwXxdzRoazU46E=,tag:tgYlwl0K7GbSX1pBtlD/xg==,type:str]
+    encrypted_regex: ^(data|stringData)$
+    version: 3.12.2

apps/grimmory/release.yaml

@@ -0,0 +1,47 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: grimmory
+  namespace: grimmory
+spec:
+  chart:
+    spec:
+      chart: grimmory
+      version: 3.x
+      sourceRef:
+        kind: HelmRepository
+        name: grimmory
+  interval: 15m
+  releaseName: grimmory
+  values:
+    mariadb:
+      auth:
+        existingSecret: mariadb-credentials
+        secretKeys:
+          rootPasswordKey: mariadb-root-password
+          userPasswordKey: mariadb-password
+    ingress:
+      enabled: true
+      annotations:
+        cert-manager.io/cluster-issuer: "letsencrypt-prod"
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+      hosts:
+        - host: grimmory.michaelthomson.dev
+          paths:
+            - path: /
+              pathType: ImplementationSpecific
+      tls:
+        - hosts:
+            - grimmory.michaelthomson.dev
+          secretName: grimmory-tls
+    persistence:
+      dataVolume:
+        enabled: true
+        size: 100Mi
+        existingClaim: ""
+      booksVolume:
+        enabled: true
+        size: 10Gi
+        existingClaim: ""
+    

apps/grimmory/repository.yaml

@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: grimmory
+  namespace: grimmory
+spec:
+  type: "oci"
+  interval: 15m
+  url: oci://ghcr.io/grimmory-tools/helm-charts

apps/vaultwarden/release.yaml

@@ -7,7 +7,7 @@ spec:
   chart:
     spec:
       chart: vaultwarden
-      version: 0.30.x
+      version: 0.39.x
       sourceRef:
         kind: HelmRepository
         name: vaultwarden
@@ -33,8 +33,8 @@ spec:
       host: "mail.michaelthomson.dev"
       security: "force_tls"
       port: 465
-      from: "vaultwarden@michaelthomson.dev"
-      fromName: "Vaultwarden"
+      from: "server@michaelthomson.dev"
+      fromName: "Server"
       username:
         existingSecretKey: "SMTP_USERNAME"
       password:

apps/vaultwarden/smtpcreds-secret.yaml

@@ -1,15 +1,14 @@
 apiVersion: v1
-data:
-    SMTP_PASSWORD: ENC[AES256_GCM,data:SxuZaVeYXXhar0Qhi7clkXyO15rBG8xI9QTOzgwqGVCjHOW4,iv:zKgyHRU6GOnz6Vpt1Ko4/B9ySZpbMf2J/bN8WdUaitY=,tag:4+02vnssi0okvMZDel7/mw==,type:str]
-    SMTP_USERNAME: ENC[AES256_GCM,data:NREKMX/dvkejjoiLa764rT7CDl0nPoAaNWkXGnqrgdPhnsMVSUv1RA==,iv:VXe3z426+688ojm4JU3hyytFWCJ2oYgSFVnIOv2ry8Y=,tag:Tj5k8LApkxd+TBJFF/6/Zg==,type:str]
+stringData:
+    SMTP_PASSWORD: ENC[AES256_GCM,data:ckVcecLJPGsD4RYEva2TJluXy2TvhS3aYPzxAyEN,iv:AteDpQU+1p5+/nxtgSDhyH/O6dEPrLE6OrN8soMQNGk=,tag:DlaHPDzhBxRDbuuNdNSllw==,type:str]
+    SMTP_USERNAME: ENC[AES256_GCM,data:6oCLieSE7U0QIn6+q48oQSEiRKD8fYRe6A==,iv:Ub9f7Hni0N1pvQNfje+EUbXoQHb37v8Wja2u0bvp0/E=,tag:p4VfEXiQEqH3aQNt+9aMPQ==,type:str]
 kind: Secret
 metadata:
     name: smtpcreds-secret
     namespace: vaultwarden
 sops:
     age:
-        - recipient: age1s0206tnfaaw849x5xmt95axgu8qhxzlu5ywrwz09tpt8lwpx858q089nq9
-          enc: |
+        - enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
             YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3ZWVxNElZM1pFNEx6eE9q
             U3ZHTzdhcXMzWmRBWGM0eDFTVCtFOGhGYzN3ClZ2U2NaSFVuaUN6RDhaYkVnb1du
@@ -17,7 +16,8 @@ sops:
             YjFheFgwRGVEVWJ3TW94UWlTREV6K2cKpnqUg4qLeOtIfecGjV2nUAYZGTkHCrT6
             OHfL5W55BqcQJYovv37JJHkNV+IHuVNo7aqO/gx5AE0HfMWPfy6QGg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-12-17T20:36:08Z"
-    mac: ENC[AES256_GCM,data:402GE3Cqd1N+cQBRnfNb5+/dudSy5pO1Hilc4DW0n+xm4x5sn8wr8C/mL6NDoBKh8fc7JAPPShCfx5B2RdxBL0hs7fkohSIKvtU4hq75enq/bPOtRoxuSxAMH89ayVSbP0V1llWsHFwGJROEMp/9vpqWUFqFvf3uCC8tLOGSy/8=,iv:lp0JMs56ltxFLJOiOWoTa2+D383SgD15v7XJpAwEDdw=,tag:/dezyOAu2W6nTGNQxKTlpA==,type:str]
+          recipient: age1s0206tnfaaw849x5xmt95axgu8qhxzlu5ywrwz09tpt8lwpx858q089nq9
     encrypted_regex: ^(data|stringData)$
-    version: 3.11.0
+    lastmodified: "2026-06-14T03:38:49Z"
+    mac: ENC[AES256_GCM,data:obLNrjI7ccUOdHwgihPUQ8OpkcpsC0ZWJxi6ddoYcDuwGEtASZjJYAwVWjIb2rvuIrpVAiVQ/WCfz6gAdwIqG9wSJw2FHlMV4h/DiEccZh1r9dVFZ85MHNYMPx05s2xPW30gPuGfSYnrAVlFKhgiJNXOQqguGqRwLIa3/AsmsiI=,iv:98ySRbgzOqrEzlKsbn0Ug5OqPtvuIjZAdwsMhMyD1GE=,tag:0q6u/ubYWZ+coKQkJtT+ZQ==,type:str]
+    version: 3.13.1

bootstrap/apps/kustomization-grimmory.yaml

@@ -0,0 +1,19 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: grimmory
+  namespace: flux-system
+spec:
+  interval: 15m
+  path: ./apps/grimmory
+  prune: true # remove any elements later removed from the above path
+  wait: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  decryption:
+    provider: sops
+    secretRef:
+      name: sops-age
+  dependsOn:
+    - name: infra-configs

infrastructure/namespaces/namespace-grimmory.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: grimmory